#!/bin/bash

. /etc/profile

etcd_certs_dir="roles/etcd/files/certs"

if [ -f ${etcd_certs_dir}/ca.key ] ; then

echo "ca.key is Exist!"
exit 0

fi

if [ ! -d $certs_dir ] ; then
mkdir -p $certs_dir
fi

# 计算签发时间
sign_date () {
if [ -z $1 ] ; then
  YEARS=100
else
  YEARS=$
fi

current_second=$(date +%s)
expire_second=$(date -d "${YEARS}year" +%s)
inter_seconds=$((${expire_second} - ${current_second}))
inter_days=$((${inter_seconds}/60/60/24))
}


# 生成etcd的CA的key和cert
generate_etcd_ca () {
openssl genrsa -out ${etcd_certs_dir}/ca.key 2048
openssl req -x509 -new -nodes -key ${etcd_certs_dir}/ca.key -subj "/CN=etcd-ca" -days $inter_days -out ${etcd_certs_dir}/ca.crt
}

sign_date $1
generate_etcd_ca
